Manager Information Technology Services 1 (infomation Security)

Manager Information Technology Services 1 (Information Security)

The New York State Office of Information Technology Services (ITS) provides operational support 24 hours a day, 7 days a week, 365 days of the year, supporting more than 4,900 applications for 53 New York State Agencies.

The New York State Department of Transportation (DOT) Office of Traffic Safety and Mobility (OTSM) and ITS are in year one of five years, implementing a Technology Plan designed to improve both safety and mobility by enhancing, streamlining, and improving resiliency of transportation system management and operations (TSMO) strategies. The portfolio of work includes 29 overall projects that address governance, legacy technology replacement, and installation of proven technology innovations. OTSM and ITS have established a joint Operational Technology Team (OT Team) to design, build, test and implement the portfolio of work and provide ongoing operational support of the portfolio.

Under the direction of the Director of IT/OT Convergence within Dedicated Support, Department of Transportation (DOT), the Manager Information Technology Services 1 (Information Security) will be responsible for developing, implementing, and maintaining the organization's information security program, with a specific focus on OT environments within the transportation sector. This includes securing Intelligent Transportation Systems, ensuring transportation safety, and protecting critical infrastructure. The role focuses on protecting the confidentiality, integrity, and availability of OT/IT systems. The OT/IT Security Officer will collaborate with the TSMO Technology team to establish and maintain a robust and effective security posture across the TSMO landscape.

Duties include, but are not limited to, the following:

• Develop, implement, and maintain a comprehensive OT/IT security program aligned with industry best practices (e.g., NIST 800-82, ISA/IEC 62443, Transportation Security Administration (TSA) guidelines), regulatory requirements, and organizational policies.
• Conduct risk assessments and vulnerability assessments of OT/IT systems and infrastructure to identify security gaps and prioritize remediation efforts.
• Develop and maintain OT/IT security policies, standards, and procedures, specifically addressing transportation safety concerns.
• Establish and manage an OT/IT security awareness training program for employees, contractors, and transportation partners.
• Perform the full range of supervisory duties.

Security Architecture and Implementation:

• Design and implement secure network architectures for OT/IT environments, including network segmentation, firewalls, intrusion detection/prevention systems (IDS/IPS), and other security controls.
• Evaluate and recommend security technologies and solutions for OT/IT systems, considering the unique challenges of transportation environments (e.g., mobile assets, remote locations).
• Oversee the implementation and configuration of security controls on OT/IT devices and systems, including those used in vehicles, traffic management centers, and roadside infrastructure.
• Ensure proper patching and vulnerability management processes are in place for OT/IT assets, with consideration for the operational impact of downtime.

Incident Response and Forensics:

• Develop and maintain an OT/IT incident response plan, specifically addressing transportation-related incidents (e.g., traffic signal manipulation, vehicle hacking).
• Lead and participate in OT/IT security incident investigations.
• Conduct forensic analysis of OT/IT systems to identify the root cause of security incidents.
• Coordinate with OITS security teams and transportation authorities on cross-functional incident response activities.

Transportation Safety and Compliance:

• Ensure network infrastructure complies with relevant transportation safety regulations and standards (e.g., FRA, FTA, DOT).
• Participate in safety audits and risk assessments related to OT network infrastructure.
• Implement and maintain network configurations that support failover and redundancy to ensure system availability in critical situations.

Compliance and Auditing:

• Ensure compliance with relevant regulatory requirements and industry standards (e.g., NERC CIP (if applicable), TSA security directives, state DOT regulations).
• Conduct regular security audits and assessments of OT/IT systems.
• Manage and respond to internal and external audit findings.

Collaboration and Communication:

• Collaborate with relevant teams to ensure a coordinated approach to security.
• Communicate security risks and vulnerabilities to stakeholders in a clear and concise manner, emphasizing the impact on transportation safety and efficiency.
• Stay up-to-date on the latest OT/IT security threats, vulnerabilities, and trends, including those specific to the transportation sector.
• Participate in industry forums and working groups to share knowledge and best practices related to transportation security.

Vendor Management:

• Assess the security posture of OT/IT vendors and service providers.
• Review and approve security requirements for OT/IT vendor contracts.
• Monitor vendor compliance with security policies and standards.

Minimum Qualifications:

Non-competitive: Seven years of information technology, cybersecurity, or information assurance experience*, including one year at the supervisory level.

Education/Experience Substituions*:

A bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor's substitutes for two years of required experience.

An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor's degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.

A master's degree or higher in computer science or related field substitutes for one year of required experience.

Preferred Qualifications:

Certifications:

Preference for candidates holding relevant Information Security industry certification, including but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC).

Skills:

Strong understanding of OT/IT systems, including industrial control systems (ICS), SCADA systems, and distributed control systems (DCS). Knowledge of OT/IT architectures, communication protocols, and security considerations. Knowledge of OT/IT security standards and frameworks (e.g., NIST 800-82, ISA/IEC 62443). Experience with network security technologies, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs. Experience with vulnerability assessment and penetration testing tools.

Soft Skills:

Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. Ability to work independently and as part of a team. Ability to prioritize tasks and manage time effectively. Ability to communicate technical information to non-technical audiences. Strong leadership and mentoring skills.

Please Note:

Appointment to this position and continued employment with the agency is contingent upon obtaining and/or maintaining New York State residency within six months of hiring. Appointment to this position is not final until all agency approvals have been granted.